Urgent Google Chrome Update to Patch Type Confusion Vulnerability (CVE-2022-1096)

VTA-00411 – Urgent Google Chrome Update to Patch Type Confusion Vulnerability (CVE-2022-1096)


Google has issued an update, Chrome 99.0.4844.84 for Windows, Mac, and Linux, to address a high-severity vulnerability in its Chrome browser that is being actively exploited in the wild and is tracked as CVE-2022-1096. The zero-day flaw is a type confusion vulnerability in the V8 JavaScript engine. Type confusion errors arise when a resource (e.g. a variable or an object) is accessed using a type that is incompatible with the type it was originally initialized as, which can enable a malicious actor to perform out-of-bounds memory access. When a memory buffer is accessed using the wrong type, the access can read or write memory outside the bounds of the buffer. If the allocated buffer is smaller than the type that the code is attempting to access, the result is a crash and possibly code execution.

Severity:
High

Attack Surfaces:
Web Browser

Tactics:
Execution, Privilege Escalation

Techniques:
Out-of-Bounds Memory Access, Arbitrary Code Execution

Active Defense Tactics:
Detect, Disrupt

Active Defense Techniques:
Security Controls, Software Manipulation

SuperPRO’s Threat Countermeasures Procedures:
1. Update Google Chrome to version 99.0.4844.84.
2. Enable auto-updates to ensure the software is always up to date.
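
To confirm that step 1 has actually landed across a fleet, the check below (an added example, not part of the original advisory) classifies reported Chrome version strings against the fixed build 99.0.4844.84. The hostnames, the inventory and the function names are constructed for illustration, and the input format assumes strings like those printed by `google-chrome --version`.

```python
import re

# Fixed build named in this advisory.
FIXED = (99, 0, 4844, 84)

# Exactly four dot-separated numeric fields, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part Chrome version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(reported):
    """Classify one reported version string against the fixed build."""
    version = parse_version(reported)
    if version is None:
        return "unknown"  # cannot prove the host is patched; follow up manually
    # Tuples of ints compare numerically, field by field. Comparing the raw
    # strings would rank "99.0.4844.9" above "99.0.4844.84" and
    # "100.0.0.1" below it, hiding vulnerable hosts and flagging patched ones.
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Map hostname -> status for a {hostname: reported string} inventory."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hostnames and version strings are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 99.0.4844.84 ",
    "ws-02": "Google Chrome 99.0.4844.9 ",
    "ws-03": "Google Chrome 100.0.0.1 ",
    "ws-04": "Google Chrome 98.0.1.1 ",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until the installed version is verified.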

Contributed by: Jyao
